Created December 05, 2012

Embed URL

HTTPS clone URL

SSH clone URL

Tweeting on behalf of users is bad

I just got trapped by Prismatic who tweeted a metric ton of messages on my twitter account. I do not want to pick on Prismatic who is probably a great product otherwise. However this is clearly a pattern that we've all seen too many times and this has to stop.

Before anything else, I could have very well done a mistake and hit the wrong buttons/settings. I am not putting the blame on Prismatic, but on this crazy system that allows machines to post on my behalf. No matter what, though, they should obviously prevent me from doing something that dumb, if that's my fault.

What happened

It's simple, I logged in Prismatic using my Twitter account, and then, I started to follow some people in there. Quickly, I got a couple @replies on twitter and a couple DM from some of my friends about me messing up my Twitter account. That was too late. Hundreds (?) of tweets were posted before I could even
understand what was going on. I also lost about 20 followers :(.

I quickly revoked Prismatic's access and started to think about that. Someone at Prismatic got in touch. She apologized and, even though I trust her when she said she was sorry, I was quite surprised when she said:

We don’t tweet on behalf of our users. We have no desire for our users to spam people. We’re looking into this right now. Thanks!

I'm pretty sure they did. There is no way I could tweets that many times in such a short delay.

I later posted another tweet:

Please stop tweeting on behalf of your users. If you're good enough you don't need it. If you need it, then your product suck.

Let me explain.

Don't do that

If your app is great, then your users will post about it. They will do a better job at promoting your service that what you could ever do. Of course you can ask them to do so, or even tell them that you don't want to tweet on their behalf but need that to grow. When I see different versions of "X service is great" from different people, I eventually try that service.

On the other hand, if you rely on these auto-tweets to grow, then, there is probably something wrong with your product. You cannot ask your users to trade some of their social relationships and trust. Would you give me your kids pictures so that I can give you a freebie? Well, that's how I feel when services ask me to post stuff on my behalf.

Of course, here, I think it's actually Twitter's responsibility to limit this. I understand this permission is necessary for Twitter clients, but I'm pretty sure it should not be there for other services. Prismatic does not need it, for example.

Federation is the solution

If your app allows users to share content on various social networks, just redirect them to the right page, so that they know what they're doing and can decide whether they want to do it or not.

Now, I understand the need to "piggyback" on the back of other existing social networks to bootstrap. There is a way around that: it's called federation. If Twitter allowed other twitter users to subscribe to me on Prismatic, then, there wouldn't be any need for machine triggered posts.

I used Twitter to sign up for Prismatic, so Twitter knows I have an account there. That means that Twitter could allow people to follow @julien51/prismatic. Prismatic would then need to publish (using a feed and PubSubHubbub for example) whatever actions I do, and Twitter would be able to subscribe to that content and show each of my actions to any @julien51/prismatic subscriber.

Of course, that works for Prismatic but could also work with any other app/service... and it works for Twitter but could also work with any other 'social' network.

I guess it's all about trust. Prismatic clearly misused your trust and as such should be banned from your Twitter account - hence the "revoke access" buttons. Also, I saw their website today, but after your experience, I don't plan on trying them out. That's why it's not worth misusing the trust.